Inter-connected devices create a myriad of cyber security threats for businesses. These threats affect both small and large businesses in all industries. Any attempt to safeguard data environments from common threats requires the establishment of cyber-security frameworks that support IoT devices. In a move to lessen the burden that typifies information security within the data environment, National Institute of Standards and Technology (NIST) recently issued a call for papers. This will pave way for the establishment of data security standards for IoT devices.
What is IoT?
Any device that can connect to another device or to the Internet can be generally described as an IoT device. If for instance, you use smart home devices such as lights that can be controlled using your smartphone, they can be regarded as IoT devices.
IoT devices have greatly enhanced efficiency across different industries. For instance, businesses have eased data monitoring burdens through the incorporation of productivity tools. On their part, manufacturers have streamlined their processes through the use of Supervisory Control and Data Acquisition (SCADA) systems.
Risk Associated With Using IoT Devices
We control our computers and the level of access to them. The IoT environment specifically exists to enable us to automate activities in a way that allows us to engage with information more, and less with devices. In the healthcare market, for instance, pacemakers that have IoT capabilities can allow doctors to monitor patients’ hearts more closely.
Nevertheless, the same sensors used to collect any information and communicate data are faced with various risks. Whenever you share data between devices that are connected via your firewalls, you have passwords, firewalls, and encryption to protect the data. However, connections and sensors between Bluetooth-enabled devices cannot offer the same level of protection as larger devices.
IoT Bluetooth Connections
Generally, Bluetooth connections involve low-frequency, short-distance radio wave signals that typically use little power. These signals inter-connect devices, often within a range of 30 foot. Regardless of the connectivity of an anchored device to the web, the Bluetooth connection isn’t necessarily a network-enabled device. Headphones can, for instance, connect to smartphones that connect to the Internet but nevertheless, require the primary anchored device to connect to the Internet.
Common IoT Risks
Since IoT and Bluetooth devices connect in various ways, numerous security concerns are created in the process. The following are 5 of the biggest IoT risks.
- Authentication
Whenever you connect your computers to network-based services, you are often required to incorporate usernames and passwords. If you are really security-conscious, it is advisable to include multi-factor authentication. Bluetooth devices often create unique “addresses” that are similar to IP addresses. Since you cannot put a password over such a connection like it is the case when you use a router, the devices don’t provide a water-tight level of authentication.
- Confidentiality
Since IoT connection isn’t secured by any authentication, information transmitted across inter-connected devices cannot remain confidential. In any case, this low level of confidentiality is the main issue that faces devices that are connected to public Wi-Fi networks. The lack of passwords and encryption means that data passing through the network can be intercepted easily.
- Authorization
Bluetooth connections cannot adequately protect devices involved from unauthorized programs and users. In conventional networking, it is easy to control data which individual users have access to. Since Bluetooth devices do not allow you to create usernames and passwords, it is impossible to tell what data that they can access.
- Integrity
Since you cannot set authorization or authenticate users, data integrity in Bluetooth connections isn’t assured. You cannot be too sure that the right people are accessing the right data because anyone can intercept information traveling within the network.
- Pairing
Pairing Bluetooth IoT devices with tablets, computers, or smartphones require you to set up a data-sharing connection between them. If the primary device is left open to Bluetooth connections for IoT connections, other nearby devices that are searching for a connection will connect to the primary device.
What NIST’s “Lightweight Cryptography Seeks to Achieve
IoT devices generally vary in terms of price and complexity. Therefore, an IoT syringe that is used in hospitals to disseminate pain medication should have a higher level of security than headphones that are connected to an MP3 player. For this reason, NIST recognizes the need to create standards that will ensure all devices are protected. The current NIST Lightweight Cryptography Standardization Process draft focuses on coding to prevent unwarranted attacks on IoT devices.
Automation and NIST Compliance
SaaS platforms now provide easy-to-use solutions that allow compliance managers to stay apprised of changes in the field of IT compliance. Built-in seed content incorporates NIST 800-53 and its 1,000 objectives that allow you to continuously remain compliant despite the ever-changing state of the cyber-security industry.
